Subject: Re: crashes in ipfilter on i386
To: None <tech-net@netbsd.org>
From: Michael van Elst <mlelstv@serpens.de>
List: tech-net
Date: 07/24/2007 20:00:04
gdt@ir.bbn.com (Greg Troxel) writes:

>I have an i386 running netbsd-4, and it's been crashing ever since I
>upgraded recently.

Are you sure that you use this code?

>                       if (frpr_pullup(fin, ICMP6ERR_MINPKTLEN) == -1)
>                               return;
[...]
>			icmp6 = fin->fin_dp;
>			ip6 = (ip6_t *)((char *)icmp6 + ICMPERR_ICMPHLEN);
>			if (IP6_NEQ(&fin->fin_fi.fi_dst,
>				    &ip6->ip6_src))
>				fin->fin_flx |= FI_BAD;

I am asking because there was a bug exactly in this place
(a stale version of the icmp6 pointer was used) and the crash
was exactly where you have shown it in your previous mail.

However, this is fixed in the code snippet above.

The frpr_pullup ensures that enough data is in the buffer for the
IP6_NEQ operation and the icmp6 (and thus ip6) pointers are recomputed
in case the buffer was moved.

-- 
                                Michael van Elst
Internet: mlelstv@serpens.de
                                "A potential Snark may lurk in every tree."
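The pullup hazard described in this reply, as an added example that is not IPFilter's code and not part of the original thread: a hypothetical `struct pkt` and `pullup()` stand in for the mbuf-backed `fr_info_t` and `frpr_pullup`, and `check_icmp6_error()` follows the fixed ordering from the quoted snippet (pull up first, then recompute `icmp6` and `ip6` from the packet pointer before the `IP6_NEQ`-style compare). The offsets and the sample addresses are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ICMPERR_ICMPHLEN   8                       /* ICMPv6 error header length */
#define IP6_HDRLEN        40                       /* fixed IPv6 header length */
#define IP6_SRC_OFFSET     8                       /* ip6_src within the IPv6 header */
#define ICMP6ERR_MINPKTLEN (ICMPERR_ICMPHLEN + IP6_HDRLEN)
#define FI_BAD             0x1

/* Hypothetical stand-in for the mbuf-backed fr_info_t: 'data' is the
 * contiguous part (what fin_dp points at), 'tail' holds the bytes that
 * are still sitting in later mbufs of the chain. */
struct pkt {
    unsigned char *data;
    size_t len;                  /* contiguous bytes available at data */
    const unsigned char *tail;
    size_t tail_len;
    unsigned flx;
};

/* Hypothetical pullup: guarantees 'need' contiguous bytes at p->data.
 * Returns -1 if the packet is too short, 1 if the buffer was moved
 * (every pointer computed from the old p->data now dangles), 0 otherwise. */
int pullup(struct pkt *p, size_t need)
{
    unsigned char *nb;
    if (p->len >= need)
        return 0;
    if (p->len + p->tail_len < need)
        return -1;
    nb = malloc(p->len + p->tail_len);
    if (nb == NULL)
        return -1;
    memcpy(nb, p->data, p->len);
    memcpy(nb + p->len, p->tail, p->tail_len);
    free(p->data);               /* the old buffer is gone, as after a moved mbuf */
    p->data = nb;
    p->len += p->tail_len;
    p->tail = NULL;
    p->tail_len = 0;
    return 1;
}

/* Fixed ordering from the snippet: pull up, then recompute icmp6/ip6 from
 * p->data. Caching icmp6 before pullup() is the stale-pointer bug the reply
 * refers to. Returns -1 (too short), 1 (FI_BAD set), 0 (inner src matches). */
int check_icmp6_error(struct pkt *p, const unsigned char outer_dst[16])
{
    const unsigned char *icmp6, *ip6;
    if (pullup(p, ICMP6ERR_MINPKTLEN) == -1)
        return -1;
    icmp6 = p->data;                     /* recomputed after the pullup */
    ip6 = icmp6 + ICMPERR_ICMPHLEN;
    if (memcmp(outer_dst, ip6 + IP6_SRC_OFFSET, 16) != 0) {
        p->flx |= FI_BAD;
        return 1;
    }
    return 0;
}

/* Builds a constructed ICMPv6 error of 'total' bytes into 'chain' (at least
 * ICMP6ERR_MINPKTLEN bytes), of which the first 'first' bytes are contiguous.
 * The caller frees p->data. */
int build_pkt(struct pkt *p, const unsigned char inner_src[16],
              size_t total, size_t first, unsigned char *chain)
{
    if (total > ICMP6ERR_MINPKTLEN || first > total)
        return -1;
    memset(chain, 0, ICMP6ERR_MINPKTLEN);
    chain[0] = 1;                        /* destination-unreachable type, constructed */
    chain[ICMPERR_ICMPHLEN] = 0x60;      /* IPv6 version nibble of the inner header */
    memcpy(chain + ICMPERR_ICMPHLEN + IP6_SRC_OFFSET, inner_src, 16);
    p->data = malloc(first ? first : 1);
    if (p->data == NULL)
        return -1;
    memcpy(p->data, chain, first);
    p->len = first;
    p->tail = chain + first;
    p->tail_len = total - first;
    p->flx = 0;
    return 0;
}

int main(void)
{
    unsigned char chain[ICMP6ERR_MINPKTLEN];
    unsigned char dst[16] = {0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1};
    struct pkt p;
    if (build_pkt(&p, dst, ICMP6ERR_MINPKTLEN, 16, chain) != 0)
        return 1;
    printf("result=%d len=%zu flx=%u\n", check_icmp6_error(&p, dst), p.len, p.flx);
    free(p.data);
    return 0;
}
```

The important line is `icmp6 = p->data` placed after `pullup()`: with only 16 of the 48 required bytes contiguous, the pullup reallocates and frees the original buffer, so any `icmp6` value taken earlier would point into freed memory when the inner source address is compared.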